How to whitelist with Moralis

JimBob · December 18, 2021, 7:19am

Posting here as a question, but also added to Feature Requests as it would be really nice to have functionality built-in.
(request here Whitelist via the MongoDB or similar and a hook/check?)

How would one go about setting up a whitelist for NFT mint (or ERC20 claim) with Moralis?

We know which wallet is logged in if they’ve authenticated with Moralis.
We can add address to the MongoDB I think, by outputting them to JSON and importing?

Next though would be how to check the connected user’s address is in the whitelist, and record how many mints they want / are allowed.
This was we can also avoid the trick where a user mints, moves NFTs out of wallet, and can continue to mint (as many contracts look to check current balance of the NFTs in question in a wallet, rather than keep track of how many have been minted by a wallet, reason being most users can get a solidity contract to check balance but can’t set up a database and queries in conjunction with a mint button so they do it the easy way and leave the whitelist open to abuse)/

So I think it’s theoretically possible. But looking for advice on the steps to do it. How do you query a custom range of data (the whitelisted addresses imported into Mongo) at mint time?

Cheers

cryptokid · December 18, 2021, 7:38am

A user can make a mint without using your application. For example by sending directly the mint transaction to the blockchain. The whitelist logic should be at contract level.

JimBob · December 18, 2021, 11:43pm

Yes you’d have something in the solidity. But that skips over most of my question.
Say we do it with a merkle tree, can we use the Moralis Mongo DB to store the necessary data and have the proof in the contract? What docs should I be looking at to store/call custom data from a Moralis DB?

cryptokid · December 19, 2021, 9:09am

I don’t know exactly how you can do it in mongo db. if you don’t have too many points maybe you can save all the data in a json object, if you need a big database maybe it is better to do something custom without using mongo db

JimBob · December 21, 2021, 4:39am

Since we can manually upload a list of addresses in JSON format
Would Moralis ever consider adding a hook so we could check currentUser is in the custom list, where listName=XYZ for example
Instant whitelisting ability with Moralis will bring in a lot of new, paying users.

cryptokid · December 21, 2021, 8:48am

when do you want to check if the user is in that custom list, at what moment?
there is a hook now for beforeSave that is called when user will login first time for example.

JimBob · January 16, 2022, 3:58am

Rather than a merkle tree, I wonder if it would be easier for Moralis to do help with ECDSA signing for the whitelist (another lower-gas whitelist option a little similar to Merkle tree method). If we can add an array of whitelisted addresses to the database, and check if currentUser is in that list, then pass the user and the recovery hash or whatever to the solidity to be verified to mint.
The biggest problem right now with ECDSA I think is the back end of it. The solidity is rather simple. But with Moralis hooks and the built-in database it could be a lot simpler for people to do this for both ERC20 and NFTs.